Fortinet Secure SD-WAN Data Sheet

1 1 Fortinet Secure SD-WANA Unified WAN Edge, Powered by a Single OS, to Transform and Secure the WANAs the use of business-critical, cloud-based applications continues to increase, organizations with a distributed infrastructure of remote offices and an expanding remote workforce need to adapt. The most effective solution is to switch from static, performance-inhibited wide-area networks (WANs) to software-defined WAN ( SD-WAN ) architectures. Traditional WANs may utilize SLA-backed private multiprotocol label switching (MPLS) or leased line links to an organizations main data centers for all application and security needs.

2 But that comes at a premium price for connectivity. While a legacy hub-and-spoke architecture may provide centralized protection, it increases latency and slows down network performance to distributed cloud services for application access and compute. The result is operational complexity and limited visibility associated with multiple point products. This scenario adds significant management overhead and difficulties, especially when trying to troubleshoot and resolve s Security-driven Networking strategy tightly integrates an organization s network infrastructure and security architecture, enabling networks to transform at scale without compromising security.

3 This next-generation approach provides consistent security enforcement across flexible perimeters by combining a next-generation firewall with advanced SD-WAN networking capabilities. This scheme eliminates MPLS-required traffic backhaul and delivers improved user experience without ever compromising on security. This integrated approach enables simplified, single-console management for all networking and security needs, while extending SD-WAN into wired and wireless access points of branch offices. As a result, network security and controls can be more deeply integrated, enabling consistent security enforcement into branch LAN Features nWorld s only ASIC-accelerated SD-WAN n5000+ applications identified with real-time SSL inspection nSelf-healing capabilities for enhanced user experience nCloud on-ramp for efficient SaaS adoption nSimplified operations with NOC/SOC management and analytics nEnhanced granular analytics for end-to-end visibility and control DATA SHEETQ1 20222 DATA Sheet | Fortinet Secure SD-WANBUSINESS OUTCOMESI mproved User ExperienceAn application-driven approach provides broad application steering with accurate identification, advanced WAN remediation.

4 And accelerated cloud on-ramp for optimized network and application performanceAccelerated ConvergenceThe industry s only organically developed, purpose-built, and ASIC-powered SD-WAN enables thin edge ( SD-WAN , routing) and WAN Edge ( SD-WAN , routing, NGFW) to Secure all applications, users, and data anywhereEfficient OperationsSimplify operations with centralized orchestration and enhanced analytics for SD-WAN , security, and SD-Branch at scale Natively Integrated SecurityA built-in next-generation firewall (NGFW) combines SD-WAN and security capabilities in a unified solution to preserve the security and availability of the networkCORE COMPONENTSF ortiGateProvides a broad portfolio available in different form factors: physical appliance and virtual appliances, with the industry s only ASIC acceleration using the SOC4 SPU or vSPU.

5 Reduce cost and complexity with next generation firewall, SD-WAN , and advanced routing on a unified platform that allows customers to eliminate multiple point products at the WAN edge ASIC acceleration of SD-WAN overlay tunnels, application identification, steering, remediation, and prioritization ensure the best user experience for business-critical, SaaS, and UCaaS applications FortiOSFortinet s unified operating system delivers a security-driven strategy to Secure and accelerate network and user experience. Continued innovation and enhancement enable: Real-time application optimization for a consistent and resilient application experience Advanced next generation firewall protection and prevention from internal and external threats while providing visibility across entire attack surface Dynamic Cloud connectivity and security are enabled through effective cloud integration and automationFortinet Secure SD-WAN consists of the industry s only organically developed software complemented by an ASIC-accelerated platform to deliver the most comprehensive SD-WAN Management Center Simplify centralized management, deployment.

6 And automation to save time and respond quickly to business demands with end-to-end visibility. With a single pane of glass management that offers deployment at scale, customers can: Centrally manage 100K+ devices, including firewalls, switches, access points, and LTE/5G extenders from a single console Provision and monitor Secure SD-WAN at the application and network level across branch offices, datacenters, and cloud Reduce complexity by leveraging automation enabled by REST APIs, scripting tools such as Ansible/Terraform, and fabric connectors Separate and manage domains leveraging ADOMS for compliance and operational efficiency Role-based access control to provide management flexibility and separation FortiGuard Security ServicesEnhances SD-WAN security with advanced protection to help organizations stay ahead of today s sophisticated threats.

7 Coordinated real-time detection and prevention against known and unknown protecting content, application, people, and devices Real-time insights are achieved by processing extensive amounts of data at cloud-scale, analyzing that data with advanced AI, and then automatically distributing the resulting intelligence back for enforcement and protectionOS3 DATA Sheet | Fortinet Secure SD-WANCORE COMPONENTSF eaturesDescriptionFortiOS SD-WANA pplication Identification and Control5000+ application signatures, first packet Identification, deep packet inspection, custom application signatures, SSL decryption, with mandated ciphers, and deep inspectionSD-WAN (Application aware traffic control)Granular application policies, application SLA based path selection, dynamic bandwidth measurement of SD-WAN paths, active/active and active/standby forwarding, overlay support for encrypted transport, Application session-based steering, probe-based SLA measurementsAdvanced SD-WAN (WAN remediation)Forward Error Correction (FEC)

8 For packet loss compensation, packet duplication for best real-time application performance, Active Directory integration for user based SD-WAN steering policies, per packet link aggregation with packet distribution across aggregate membersSD-WAN deployment Flexible deployment hub-to-spoke (partial mesh), spoke-to-spoke (full mesh), multi-WAN transport supportFortiOS NetworkingQoSTraffic shaping based on bandwidth limits per application and WAN link, rate limits per application and WAN link, prioritize application traffic per WAN link, mark/remark DSCP bits for influencing traffic QoS on egress devices, application steering based on ToS markingAdvanced Routing (IPv4/IPv6)Static routing, Internal Gateway (iBGP, OSPF v2/v3 , RIP v2), External Gateway(eBGP)

9 , VRF, route redistribution, route leaking, BGP confederation, router reflectors, summarization and route-aggregation, route asymmetryVPN/OverlaySite-to-site ADVPN dynamic VPN tunnels, policy-based VPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-HMAC support, symmetric cipher support (IKE/ESP): AES-128 and AES-256 modes: CBC, CNTR, XCBC, GCM, Pre-shared and PKI authentication with RSA certificates, Diffie-Hellman key exchange (Group 1, 2, 5, 14 through 21 and 27 through 32), MD5, and SHA-based HMACM ulticastMulticast forwarding, PIM spare (rfc 4601), dense mode (rfc 3973), PIM rendezvous pointAdvanced NetworkingDHCP v4/v6, DNS, NAT source, destination, static NAT, destination NAT, PAT, NAPT, Full IPv4/v6 supportFortiOS SecuritySecurityNext Generation Firewall with FortiGuard threat intelligence SSL inspection, application control, Intrusion prevention, antivirus, web filtering, DLP, and advanced threat protection.

10 Segmentation micro, macro, single task VDOM, multi VDOMF abric Management CenterCentralized Management and ProvisioningFortiManager zero touch provisioning, centralized configuration, change management, dashboard, application policies, QoS, security policies, application specific SLA, active probe configuration, RBAC, multi-tenantCloud OrchestrationFortiManager Cloud through FortiCloud, Single Sign-on portal to manage Fortinet NGFW and SD-WAN , Cloud-based network management to streamline FortiGate provisioning and management, extensive automation-enabled management of Fortinet devicesEnhanced AnalyticsBandwidth consumption, SLA metrics jitter, packet loss, and latency, real-time monitoring, filter based on time slot, WAN link SLA reports, per-application session usage, threat information - malware signature, malware domain or URL, infected host, threat level, malware category, indicator of compromiseCloud On-rampCloud integration AWS, Azure, Alibaba, Oracle, Google.